package org.webswing.server.services.security.modules.keycloak;

import java.util.ArrayList;
import java.util.List;
import org.webswing.Constants;
import org.webswing.server.common.model.meta.ConfigField;
import org.webswing.server.common.model.meta.ConfigFieldDefaultValueObject;
import org.webswing.server.common.model.meta.ConfigFieldDefaultValueString;
import org.webswing.server.common.model.meta.ConfigFieldEditorType;
import org.webswing.server.common.model.meta.ConfigFieldOrder;
import org.webswing.server.common.model.meta.ConfigFieldVariables;
import org.webswing.server.services.security.extension.api.WebswingExtendableSecurityModuleConfig;

@ConfigFieldOrder({"keycloakUrl", "keyCloakRealms", "callbackUrl", Constants.SESSION_ID_SUBSTITUTE, "clientSecret", "trustedPemFile", "usernameAttributeName", "rolesAttributeName"})
/* loaded from: input_file:WEB-INF/lib/webswing-server-security-2.5.5.jar:org/webswing/server/services/security/modules/keycloak/KeycloakSecurityModuleConfig.class */
public interface KeycloakSecurityModuleConfig extends WebswingExtendableSecurityModuleConfig {
    @ConfigField(label = "Keycloak URL")
    @ConfigFieldVariables
    String getKeycloakUrl();

    @ConfigField(label = "Realms", description = "At least one realm is required. First realm is the default one.")
    @ConfigFieldEditorType(editor = ConfigFieldEditorType.EditorType.ObjectListAsTable)
    @ConfigFieldDefaultValueObject(ArrayList.class)
    List<RealmEntry> getRealms();

    @ConfigField(label = "Callback URL", description = "URL of the webswing server where auth token will be received. Must end with /login")
    @ConfigFieldDefaultValueString("https://<webswing_host>:<webswing_port>/<swing_path>/login")
    @ConfigFieldVariables
    String getCallbackUrl();

    @ConfigField(label = "Client ID", description = "Client ID / API key")
    @ConfigFieldVariables
    String getClientId();

    @ConfigField(label = "Client Secret", description = "Leave empty if not required")
    @ConfigFieldVariables
    String getClientSecret();

    @ConfigField(label = "Trusted Certs File (PEM)", description = "Trusted cert chains to establish TLS connection with Open Id server. To disable cert validation use 'DISABLED' (only for testing)")
    @ConfigFieldVariables
    String getTrustedPemFile();

    @ConfigField(label = "Username Attribute Name", description = "ID Token claim name to be used as username")
    @ConfigFieldDefaultValueString("preferred_username")
    @ConfigFieldVariables
    String getUsernameAttributeName();

    @ConfigField(label = "Fallback Users File", description = "In case Keycloak Url is not reachable, fallback to local authentication. To enable fallback, set path to properties file with list of users. User entry format: user.<username>=<password>[,role1][,role2]")
    @ConfigFieldVariables
    String getFallbackFile();

    @ConfigField(label = "Roles Attribute Name", description = "Leave empty if not required")
    @ConfigFieldVariables
    String getRolesAttributeName();
}
